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Abstract 

In this paper we determine the noise properties needed for unconditional security for the ideal Kirchhoff-Law-Johnson- 
Noise (KLJN) secure key distribution system using simple statistical analysis. It has already been shown using physical laws 
that resistors and Johnson-like noise sources provide unconditional security. However real implementations use artificial 
noise generators, therefore it is a question if other kind of noise sources and resistor values could be used as well. We 
answer this question and in the same time we provide a theoretical basis to analyze real systems as well. 
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Introduction 

Communication security is getting more and more important in 
many different applications including electronic banking, protect- 
ing personal data, securing intellectual property of companies, 
transmission of medical data and many more. The Kirchhoff-Law- 
Johnson-Noise (KLJN) protocol was introduced as a low cost 
unconditionally secure key exchange protocol using only passive 
components: four resistors, two switches and interconnecting wires 
[1]. The protocol is based only on the laws of classical physics and 
has been introduced as an inexpensive alternative to quantum 
communicators. The first real implementation has been shown a 
few years after its discovery [2,3] and it has inspired the 
development of another secret key exchanged method [4] . There 
are many potential apphcations including securing computers, 
algorithms and hardware (memories, processors, keyboards, mass 
storage media) [5], key distribution over the Smart Grid [6], 
ethernet cables [7] , uncloneable hardware keys [8] . Several attack 
methods has been discussed [9-14], however the ideal KLJN 
system is found to be secure. Debates are stiU going on [15,16] and 
recent papers discuss practical considerations for the applications 
[17,18]. 

The KLJN key exchange protocol is rather simple. During the 
communication a secret key is generated and shared between the 
two communicating parties, Alice and Bob. The system consists of 
two communicators and a transmission wire, see Fig. 1. Each 
communicator includes two resistors Rj^ and Ru and two series 
voltage noise sources fLA(/), Fha(^) and Flb(<), Fhb(') representing 
die thermal noise of the resistors at Alice and Bob, respectively: 

Si,(f) = 4kTRi^ (1) 



SH(f) = 4kTRn (2) 

where SjJJ) is the power spectral density of the voltage noise 
sources Vusjt), Vi^{t) and 5h(/) is the power spectral density of the 
voltage noise sources fHA('), VuBit)', k is the Boltzmann constant 
and Tis the temperature. 

A switch is used to select one of the resistors to be connected to 
the wire connecting the two communicators, see Fig. 1. At the 
beginning of each bit exchange, both Alice and Bob connect a 
resistor (i?H or R^ to the wire. If both, Alice and Bob connect the 
higher value resistor, the voltage noise level will be high in the 
wire. If they both connect the low value resistor, the voltage noise 
will be low. If they connect different value resistors, the noise level 
will be intermediate and this is invariant if the resistors are 
swapped. [1,13]. This level can also be identified by the 
eavesdropper. Eve, however she cannot determine who has 
chosen the low value resistor. For this reason, this is the secure 
state that can be used for key exchange. 

Note that in real applications the noise would be too small, 
therefore artificial noise generators are used to provide large 
enough signals in a given frequency band. In this case, the noise 
equivalent temperature is above 10' K [1]. On the other hand 
generators can enhance the security and offer new schemes with 
higher practical security in the non-ideal situations [17]. 

Results 

According to the papers about the KLJN communication 
method the artificial noise generators are only used to emulate 
high temperatures, so they must generate Johnson-like noise. 
Therefore the security proof based on physical laws remains valid 
[1]. Our approach is in some sense opposite to the previous ones. 
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when security has been proven for the given noise properties. Here 
we determine what the requirements of noise properties for 
unconditional security are. On the other hand, our analysis is 
based on statistical methods instead of physical laws of thermo- 
dynamics, therefore it can be more easily understandable for 
computer engineers and software engineers. 

Let us assume that the system is operated in the LH situation, 
when Alice has switched on the lower value resistor and noise, 
while Bob uses the higher value resistor and noise as shown in 
Fig. 1. 

In this case Eve measures the following voltage Fe(Z) and current 
/e(^) (flowing from Bob's side towards Alice) in the wire: 



VE(t)-- 



VLAiryRH+VHBityRL 

Rl + Rh 



(3) 



The variance is given by the sum of variances: 



Rl + Rh) """'[Rl + RhJ 



Rh-RlV 



(8) 



where CTa^ is the variance of Vj^{i) and CTl^ and (7h^ ^re the 
variances of the voltage noise Vu^(t) and VuB{t), respectively. 

The communication can only be secure if (7a — "'h, otherwise 
Eve will know that Alice connected the low value resistor and 
voltage generator to the wire. Substituting this into Eq. (8) yields: 



\Rl + Rh 



2Rn 
Rl + Rh 



(9) 



and 



uty- 



Khb(0- 
Rl^ 



Rh 



(4) 



where Fla(^ and Fhb(<) are the voltage noise signals at Alice and 
Bob, respectively. She can have two hypotheses: the correct one 
and the opposite. She can calculate the statistics of Alice's voltage 
noise for both cases. Since she knows the resistor values and the 
used voltage noise statistics, it is clear, that she will know that her 
assumption is wrong, if she gets invalid values during her 
calculations. For the correct assumption she must get correct 
results of course. Let us see what happens in the case of the wrong 
hypothesis. In this case Eve assumes that the high value resistor has 
been chosen by Alice. Therefore she calculates Alice's noise 
voltage Va{1) as: 



{2-Rh) 



{RL+RHr-{RH-RLr 



Rl 



or in other form 



2RlRh 



{Ri- 



2RLRn 



(10) 



-Rl) 



Rh 
Rl 



(11) 



= -] Kyi 



J, VLAm-RH+yHBiOiRH-RL) 



(12) 



Therefore the noise amplitude must depend on the resistance as in 
the case of thermal noise; it must be proportional to the square 
root of the resistance. Otherwise the communication is certainly 
unsecure. 

In the following we check how the security depends on the 
probability distribution of the noise. When the eavesdropper 
makes the correct assumption, she can calculate the noise signal 
that Alice is using exactly; therefore she gets the correct probability 
distribution of course. When she makes the wrong assumption 
then she obtains: 



VA(t)=vuty 



2Rh 
Rl + Rh 



+ Vn(t) 



Rh — Rl 
Rl + Rh 



(13) 



The probability density Pa{x) of Pa(/) is given by the convolution 
of the probability densities of the two independent terms in Eq. 
AliC6 Bob (13). lip{x) is the probability density function with unity variance. 




Figure 1. The KLJN secure communication system. 

doi:10.1371/journal.pone.0096109.g001 
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Rl + Rh 



then 



where aA^ is the variance of Fa.(/), and 



(15) 



(16) 



Pa(x) = 



(17) 



If Eq. (12) is satisfied, then dj^ — an, that is needed for secure 
communication. Furthermore Pa(x) measured by Eve must also be 
identical to the probability density function /'h(^) of the noise 
voltages Fha(') and Vub{1), otherwise Eve can detect that her 
assumption is wrong. Therefore using Eqs. (16) and {11) pt^{x) can 
be expressed as. 



1 



PaW =Pli(x) = —p (— I . I 



(18) 



and finally we get 
1 



Discussion 

Eq. (19) is valid for normal distribution only [19], therefore we 
can conclude that the noise sources Fla(/), Flb(^) and Fha(*), Vn-gij) 
must have normal distribution and the ratio of their amplitude 
must be equal to the square root of the ratio of the corresponding 
resistor values. In other words, Johnson-like noise must be used for 
the secure key exchange in the KLJN system. Note that although 
several other distributions - for example Cauchy-distribution - 
satisfy the condition that the convolution in Eq. (19) does not 
change the type of distribution, however the finite variance 
required by energetic considerations is only provided by normal 
distribution. 

It is easy to see that for example random numbers with uniform 
distribution can't be used for secure communication. In this case 
Eq. (17) gives a trapezoidal probability density function iov p/^{x) as 
shown on Fig. 2, therefore its deviation from pu{^ can be very 
easily detected. We have developed a simple software application 
written in Lab VIEW that can be used to simulate the KLJN 
protocol [20] . Normal or uniform distribution can be selected and 
the values of i?L, Rn, amplitude of Fla(/), Vui{t) and Fha('), Fhb(^I 
can be arbitrarily chosen. The application performs Eve's 
calculation of V/^{t) for both hypotheses, and plots the correspond- 
ing measured amplitudes and probability densities. 




Figure 2. The probability density function PaM in the case of 
uniform distribution (solid line) strongly differs from PhM 
(dashed line). 

doi:1 0.1 371/journal.pone.00961 09.g002 

Limitations and Open Questions 

We have presented a mathematical statistical approach to 
determine the noise properties and resistor values required for 
secure communication and the results are in agreement with the 
original physical approach [1]. On the other hand our work does 
not address the question of complete security. 

Considerable additional work could be carried out to investigate 
several attack types with similar approach. For example, in 
practical apphcations the effect of resistor inaccuracies, wire 
resistances can also be analyzed using our method; Eq. (8) can be 
apphed to find the difference between the observed and expected 
variances, Op^ and (Tyi, respectively. This means that the 
information leak due to these inaccuracies can be estimated. On 
the other hand, if the desired security level is given, the required 
resistor values and accuracy of the components can be obtained. 

Furthermore one can consider correlation properties, band- 
width of the noise sources that is important in practical 
applications and discussed in several publications. 

Conclusions 

In this paper we have shown a mathematical statistical 
approach to find out what kind of noise sources are required for 
secure communications in the KirchhoflF-Loop-Johnson-Noise 
unconditionally secure key exchange system. In agreement with 
the results can be found in the literature we found that the noise 
amplitude must scale with the square root of the corresponding 
resistor value and Gaussian noise sources must be used. 

Note that our approach can serve as a starting point to 
quantitatively analyze several attack types in practical applications. 
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